FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

webmin, usermin -- arbitrary file disclosure vulnerability

Affected packages
webmin < 1.290
usermin < 1.220

Details

VuXML ID 227475c2-09cb-11db-9156-000e0c2e438a
Discovery 2006-06-30
Entry 2006-07-02

The webmin development team reports:

An attacker without a login to Webmin can read the contents of any file on the server using a specially crafted URL. All users should upgrade to version 1.290 as soon as possible, or setup IP access control in Webmin.

References

Bugtraq ID 18744
URL http://www.webmin.com/security.html